package org.openrewrite.java.security.marshalling;

import java.util.Collections;
import java.util.Iterator;
import org.openrewrite.ExecutionContext;
import org.openrewrite.Recipe;
import org.openrewrite.internal.ListUtils;
import org.openrewrite.java.JavaParser;
import org.openrewrite.java.JavaTemplate;
import org.openrewrite.java.JavaVisitor;
import org.openrewrite.java.MethodMatcher;
import org.openrewrite.java.tree.Expression;
import org.openrewrite.java.tree.J;
import org.openrewrite.java.tree.JavaType;
import org.openrewrite.java.tree.TypeUtils;

/* loaded from: input_file:org/openrewrite/java/security/marshalling/SecureJacksonDefaultTyping.class */
public class SecureJacksonDefaultTyping extends Recipe {
    public String getDisplayName() {
        return "Secure the use of Jackson default typing";
    }

    public String getDescription() {
        return "See the [blog post](https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062) on this subject.";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: getVisitor, reason: merged with bridge method [inline-methods] */
    public JavaVisitor<ExecutionContext> m19getVisitor() {
        final MethodMatcher methodMatcher = new MethodMatcher("com.fasterxml.jackson.databind.ObjectMapper enableDefaultTyping(..)", true);
        return new JavaVisitor<ExecutionContext>() { // from class: org.openrewrite.java.security.marshalling.SecureJacksonDefaultTyping.1
            static final /* synthetic */ boolean $assertionsDisabled;

            public J visitMethodInvocation(J.MethodInvocation methodInvocation, ExecutionContext executionContext) {
                if (methodMatcher.matches(methodInvocation)) {
                    JavaType.Method asMethod = TypeUtils.asMethod(methodInvocation.getType());
                    if (!$assertionsDisabled && asMethod == null) {
                        throw new AssertionError();
                    }
                    if (asMethod.getDeclaringType().getMethods().stream().anyMatch(method -> {
                        return "activateDefaultTyping".equals(method.getName());
                    })) {
                        maybeAddImport("com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator");
                        StringBuilder sb = new StringBuilder("#{any(com.fasterxml.jackson.databind.ObjectMapper)}.activateDefaultTyping(BasicPolymorphicTypeValidator.builder().build()");
                        Iterator it = methodInvocation.getArguments().iterator();
                        while (it.hasNext()) {
                            JavaType.FullyQualified asFullyQualified = TypeUtils.asFullyQualified(((Expression) it.next()).getType());
                            if (asFullyQualified != null) {
                                sb.append(",#{any(").append(asFullyQualified.getFullyQualifiedName()).append(")}");
                            }
                        }
                        sb.append(')');
                        return methodInvocation.withTemplate(JavaTemplate.builder(this::getCursor, sb.toString()).imports(new String[]{"com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator"}).javaParser(() -> {
                            return JavaParser.fromJavaVersion().classpath(new String[]{"jackson-databind", "jackson-core"}).build();
                        }).build(), methodInvocation.getCoordinates().replace(), ListUtils.concat(methodInvocation.getSelect(), methodInvocation.getArguments().get(0) instanceof J.Empty ? Collections.emptyList() : methodInvocation.getArguments()).toArray());
                    }
                }
                return super.visitMethodInvocation(methodInvocation, executionContext);
            }

            static {
                $assertionsDisabled = !SecureJacksonDefaultTyping.class.desiredAssertionStatus();
            }
        };
    }
}
